Rancher Server and Agent run as root user

Rancher server v2.7.7 deployed on Kubernetes runs as the root user, which is against the Restricted pod security standards applied on our cluster. This appears to be a serious security issue for our clusters. Is it possible to deploy Rancher not in privileged mode? Otherwise, what is the reason that Rancher needs to run as root?

Did you get an answer to this? I am curious to know.

The recommended deployment is a separate cluster only for Rancher; other workloads should be in downstream clusters.

And Rancher probably needs root access to manage the host network stack.

Rancher needs to run as root mainly due to its requirement to manage Kubernetes clusters, which includes actions that require elevated permissions. Rancher’s documentation on deploying with non-root users and adjusting your cluster’s security policies accordingly.